
Server Side Request Forgery FAQ & Answers

10 expert Server Side Request Forgery answers researched from official documentation. Every answer cites authoritative sources you can verify.


A

Server-Side Request Forgery (SSRF): OWASP Top 10 A10:2021 (CWE-918). An attacker induces the server to make HTTP requests to unintended locations, bypassing network controls.
Attack mechanism: the application accepts a user-provided URL (e.g., 'fetch this image', 'import from URL') and makes a server-side HTTP request without validating it; the attacker supplies a URL that targets internal resources.
Impact: access to cloud metadata (stolen AWS credentials), internal network scanning (discovering services behind the firewall), port scanning (mapping infrastructure), local file reads (file:// scheme), data exfiltration (secrets sent to an attacker-controlled server).
Real-world breaches: Capital One 2019 (100M+ records via SSRF to the AWS metadata endpoint http://169.254.169.254), CVE-2021-26855 (Microsoft Exchange ProxyLogon), CVE-2018-1000600 (Jenkins SSRF).
Critical: the server's privileged network position (access to internal services, cloud metadata, databases) is what makes SSRF a high-impact vulnerability.

99% confidence
A

Cloud metadata SSRF attack vectors:
(1) AWS - http://169.254.169.254/latest/meta-data/iam/security-credentials/admin returns the instance role's IAM credentials (AccessKeyId, SecretAccessKey, Token), which can grant broad access to the AWS account.
(2) Azure - http://169.254.169.254/metadata/instance?api-version=2021-02-01 (requires the header Metadata: true) leaks VM metadata and subscription details.
(3) GCP - http://metadata.google.internal/computeMetadata/v1/ (requires the header Metadata-Flavor: Google) exposes service account tokens and project information.
Attack flow: a vulnerable application accepts a URL parameter such as http://example.com/fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/admin → the server requests the metadata endpoint → the credentials come back in the response → the attacker reads them from the application's output.
Defenses: on AWS use IMDSv2 (requires a session token obtained with a PUT request, which a plain GET-based SSRF cannot supply); on Azure rely on the mandatory Metadata: true header; on GCP use Workload Identity instead of the metadata service.

99% confidence
A

SSRF prevention via allowlisting and network segmentation:
(1) URL allowlisting (NOT denylisting) - maintain a strict list of allowed domains/IPs and NEVER accept arbitrary URLs from users; example: if domain not in ['api.partner.com', 'cdn.trusted.com']: reject. Denylists fail: a hostname such as http://169.254.169.254.nip.io resolves to the metadata address while matching no denied string.
(2) Network segmentation - the application tier must not reach databases/internal services directly; use VPCs with security groups (AWS), network policies (Kubernetes), jump hosts for admin access, and separate subnets for public-facing versus internal services.
(3) Disable HTTP redirects - the attacker supplies http://safe.com, which redirects to http://169.254.169.254 → SSRF. Configure the HTTP client with follow_redirects=false, and validate each redirect target if redirects are required.
(4) Block private IP ranges - reject requests to 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8 (localhost), 169.254.0.0/16 (link-local, including the AWS metadata address), ::1 (IPv6 localhost), fc00::/7 (IPv6 private). Validate the canonical IP after DNS resolution, not the hostname string.

99% confidence
A

SSRF prevention via URL parsing and DNS rebinding:
(1) URL parsing validation - use URL parsing libraries (urllib.parse in Python, url.parse in Node.js); validate the scheme (allow http/https only; block file://, dict://, gopher://, ftp://); validate the hostname (no IP literals if a domain is expected); canonicalize URLs to detect bypasses (http://127.0.0.1, http://0x7f000001 and http://2130706433 all resolve to localhost).
(2) DNS rebinding protection - resolve DNS → validate the IP → resolve again before the request, to detect a malicious DNS server switching the answer mid-request from safe.com's address to 169.254.169.254. This is a time-of-check-time-of-use (TOCTOU) mitigation; use short DNS TTLs and re-validate.
(3) Separate network for external requests - a dedicated VPC/subnet with strict egress rules (allowlist external domains only), no access to internal services, and all external requests proxied through a dedicated gateway.
Example Python: parsed = urllib.parse.urlparse(url); if parsed.scheme not in ['http', 'https']: reject; then resolve parsed.hostname and, for each returned address, if ipaddress.ip_address(addr).is_private: reject. (ipaddress.ip_address() accepts only an address literal; passing an unresolved domain name raises ValueError, so the resolution step must come first.)

99% confidence
A

Framework SSRF prevention implementations:
(1) Python requests - requests.get(url, timeout=5, allow_redirects=False, verify=True) sets a timeout (prevents hanging), disables redirects, and enforces TLS certificate verification.
(2) Node.js axios - axios.get(url, {maxRedirects: 0, validateStatus: false, timeout: 5000}) disables redirects and sets a timeout.
(3) Java HttpClient - HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NEVER).build() prevents redirect-based SSRF.
Testing for SSRF: (1) Burp Suite Collaborator (out-of-band detection, a burpcollaborator.net hostname in URL parameters), (2) the OWASP ZAP SSRF scanner, (3) manual payloads - http://169.254.169.254 (AWS metadata), http://localhost, http://127.0.0.1:22, file:///etc/passwd.
Compliance: OWASP Top 10 A10:2021 (SSRF), OWASP API Security Top 10 API7:2023 (SSRF), CWE-918, PCI-DSS 6.5.1 (injection prevention).
Critical: combine multiple defenses (allowlisting + network segmentation + IP blocking + redirect prevention) for defense-in-depth.

99% confidence
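A worked implementation of the IP-range blocking, URL-parsing, resolve-then-validate and redirect-validation steps from the three prevention answers above, added here as an example that is not part of the original page. The function names, the injectable resolver parameter and the sample addresses are my own assumptions; the block uses only the Python standard library.

```python
import ipaddress
import socket
from urllib.parse import urlparse, urljoin

ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_address(addr: str) -> bool:
    """True when addr lies in a range an outbound fetcher must never reach:
    RFC 1918 / ULA private, loopback, link-local (169.254.0.0/16 holds the
    cloud metadata service), multicast, reserved and unspecified."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_all(host: str) -> list[str]:
    """Every address the host resolves to (A and AAAA). On glibc systems
    getaddrinfo also canonicalises legacy literals such as 0x7f000001."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_outbound_url(url: str, resolver=resolve_all) -> tuple[str, list[str]]:
    """Return (hostname, resolved_ips) for a URL that is safe to fetch, else
    raise ValueError. Connect to one of the returned IPs (sending hostname in
    Host/SNI) rather than resolving again; that closes the DNS-rebinding
    window between this check and the actual request."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if not parsed.hostname:
        raise ValueError("URL has no hostname")
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("userinfo in URL is not allowed")  # user@host tricks
    try:  # an address literal needs no DNS lookup
        ips = [str(ipaddress.ip_address(parsed.hostname))]
    except ValueError:
        ips = resolver(parsed.hostname)
    if not ips:
        raise ValueError(f"{parsed.hostname} did not resolve")
    blocked = [ip for ip in ips if is_blocked_address(ip)]
    if blocked:  # reject if ANY answer is internal, not only the first one
        raise ValueError(f"{parsed.hostname} resolves to blocked {blocked}")
    return parsed.hostname, ips


def validate_redirect(base_url: str, location: str, resolver=resolve_all):
    """Check a Location header before following it: run the HTTP client with
    redirects disabled and pass every hop through the same validation."""
    return validate_outbound_url(urljoin(base_url, location), resolver)
```

The resolver is injectable so the checks can be unit-tested against a constructed hostname-to-address table without network access.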